Skip to main content

Hub CVE-2014-0177

LOW
Cryptographic Issues (CWE-310)
2014-05-27 secalert@redhat.com
3.6
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.6 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:N/I:P/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
May 27, 2014 - 14:55 cve.org
LOW 3.6

DescriptionCVE.org

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.

AnalysisAI

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-310. The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. Affected products include: Github Hub. Version information: before 1.12.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Hub

View all
CVE-2025-65784 MEDIUM POC
6.5 Jan 13

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-leve

CVE-2026-50242 CRITICAL
9.8 Jun 19

Authentication bypass in JetBrains Hub (the identity and account-management server behind TeamCity, YouTrack, and other

CVE-2026-56141 CRITICAL
9.8 Jun 19

Account takeover in JetBrains Hub is possible through predictable restore codes, affecting all versions prior to 2026.1.

CVE-2025-65783 CRITICAL
9.8 Jan 13

Hub v2.0 property management system allows unauthenticated arbitrary file upload via /utils/uploadFile. Malicious PDF fi

CVE-2022-25262 CRITICAL
9.8 Feb 25

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulne

CVE-2021-43183 CRITICAL
9.8 Nov 09

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Rated critical severity

CVE-2021-36209 CRITICAL
9.8 Aug 06

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Rated critical severity (CVSS

CVE-2026-25848 CRITICAL
9.1 Feb 09

JetBrains Hub before 2025.3.119807 has an authentication bypass allowing administrative actions without proper credentia

CVE-2022-25260 CRITICAL
9.1 Feb 25

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (C

CVE-2026-56142 HIGH
8.8 Jun 19

Privilege escalation in JetBrains Hub (versions prior to 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024

CVE-2023-45823 HIGH
7.5 Oct 19

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for

CVE-2022-45471 HIGH
7.5 Nov 18

In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address. Rated high

Share

CVE-2014-0177 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy